IT Security News Daily Summary 2023-07-29

• Now Abyss Locker also targets VMware ESXi servers

• HSI Seeks Public’s Help Following New Orleans Daycare Worker Arrest

• ChatGPT’s Plug-In Vulnerabilities

• Protecting energy infrastructure from cyberattacks

• FraudGPT: ChatGPT’s Evil Face

• Out of 50,000 Cybercrimes Reported in 6 Years, Only 23% Successfully Solved

• The Unyielding AI Challenge: Safeguarding Organizations in the Digital Era

• CERT-In Warns Against Mallox Ransomware Targeting Unsecured MS SQL Servers

• Original BreachForums Breached, PII Data of 210K Users Sold Online

• ‘Call of Duty: Modern Warfare 2’ Players Hit With Worm Malware

• Lawmakers Accuse Facebook Of Censoring Americans After White House Pressure

• CISA’s security-by-design initiative is at risk: Here’s a path forward

• 41 Zero-days Exploited In-the-Wild in 2022 – Google Report

• Why Dwell Time is the Biggest Threat to Security Operations Center (SOC) Teams in 2023

• A Look into The Future: My Journey at the 2023 RSA Conference and The Exciting, Yet Troubling Path of Cybersecurity Innovation

• Is backdoor access oppressive? – Week in security with Tony Anscombe

• Security Serious Unsung Heroes Awards 2023 Open for Nominations

• New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data

• Build or Buy your own antivirus product

• Google: 0-Day vulnerabilities down in 2022, but still higher than average

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

• RFP Template for Browser Security

• Hackers Deploy “SUBMARINE” Backdoor in Barracuda Email Security Gateway Attacks

• Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

• Mobile Device Management: Securing the modern workplace

• Stories from the SOC: OneNote MalSpam – Detection & response

• Florida man accused of hoarding America’s secrets faces fresh charges

• Millions of people’s data stolen because web devs forget to check access perms

• Zimbra issues awaited patch for actively exploited vulnerability

• Thoughts on Tool Features, pt II

• Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor

• BlackBerry announces participation in Cybertech Africa

• N. Korean Lazarus Group Suspected in $37.3M CoinsPaid Crypto Heist

• How to Use NordVPN Meshnet for Free

• IT Security News Daily Summary 2023-07-28

• OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI

• Friday Squid Blogging: Zaqistan Flag

• Choose the Best Biometrics Authentication for Your Use Case

• Senator Blasts Microsoft for Negligence in 365 Email Breach

• Stark#Mule Malware Campaign Targets Koreans, Uses US Army Documents

• CherryBlos Malware Uses OCR to Pluck Android Users’ Cryptocurrency

• Hack Crew Responsible for Stolen Data, NATO Investigates Claims

• A Successful IGA Deployment is a Journey, Not a Destination

• Zimbra Patched An XSS Zero-Day Vulnerability Under Active Attack

• Android’s new ‘unknown tracker alerts’ can help warn users of rogue Apple AirTags

• FBI boss: Congress must renew Section 702 spy powers – that’s how we get nearly all our cyber intel

• Chinese companies evade sanctions, fuel Moscow’s war on Ukraine, says report

• HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking

• Another AI Pitfall: Digital Mirroring Opens New Cyberattack Vector

• Government Needs Both the Ability to Talk to Social Media Platforms and Clear Limits, EFF Argues in Brief to Appellate Court

• Malvertising Attack Drops BlackCat Ransomware via Fake Search Results

• Improve IAM with identity threat detection and response

• Intersection of generative AI, cybersecurity and digital trust

• How to Prioritize Vulnerabilities Effectively: Vulnerability Prioritization Explained

• DNS Protection: A Must-Have Defense Against Cyber Attacks

• ‘Verified human’: Worldcoin Users Crowd for Iris Scans

• national identity card

• Incident Response Plan: What It Is and How to Build One

• Hackers Attack Apache Tomcat Servers to Deploy Malware

• In Other News: Data Breach Cost Rises, Russia Targets Diplomats, Tracker Alerts in Android

• US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications

• UK MoD Error Sends Emails to Russia’s Ally Instead of US

• Programme for International Cyber Expo’s Global Cyber Summit 2023 Announced

• Hacker Using Google and Bing ads to Deliver Weaponized IT tools

• The best AirTag wallets of 2023: Secure your cash

• New Study Reveals Forged Certificate Attack Risks

• MOVEit latest: US Government services provider Maximus hit

• Challenge Arising From the ChatGPT Plugin

• ChatGPT boss wants to scan eyeballs of billions amid AI privacy concerns

• 40% of Ubuntu Cloud Workloads Vulnerable to Exploits

• What is Managed Detection and Response (MDR)? Benefits & Capabilities

• 40,000 HRM Enterprises Clients Had Their Credit Card Information Stolen Following Cyberattack

• Zenbleed: Security Flaw Steals Data from AMD Zen 2 CPUs

• Corporate Data Heist: Infostealer Malware Swipes 400,000 Credentials in a Record Breach

• SentinelOne unveils cloud data security products for Amazon S3, NetApp

• Industry Reactions to New SEC Cyber Incident Disclosure Rules: Feedback Friday

• Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins

• Microsoft Accused of Negligence in Recent Email Compromise

• Employees are Feeding Sensitive Data to ChatGPT, Prompting Security Concerns

• Crypto Fraud Prevention and E-commerce Fraud Detection: Safeguarding the Digital Economy

• compliance audit

• IT Ops and Security Teams Need Automation, Not Couples Therapy

• IcedID Malware Adapts and Expands Threat with Updated BackConnect Module

• NATO Probes Hacktivist Crew’s Boasts Of Stolen Data

• MOVEit Bug Tied To Breach Of Up To 11M Records Via Govt Contractor

• US Senator Blasts Microsoft For Negligent Cybersecurity Practices

• Exploitation Of Recent Citrix ShareFile RCE Vulnerability Begins

• STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

• Baffle Advanced Encryption analyzes regulated data while meeting all compliance standards

• Zimbra Patches Exploited Zero-Day Vulnerability

• Australia and US Issue Warning About Web App Threats

• Cyclops Launches From Stealth With Generative AI-Based Search Tool

• Citrix expands cloud and on-premises capabilities to support the needs of hybrid customers

• Mark Zuckerberg Admits More Than Half Of Users Have Left Threads

• Evolving Data Strategy at Major Canadian Bank

• The rise of malicious Chrome extensions targeting Latin America

• Hackers Abusing Windows Search Feature to Install Remote Access Trojans

• A Data Exfiltration Attack Scenario: The Porsche Experience

• What Is Secure Remote Access?

• Data Leak Exposes 572 GB of Student, Faculty Info from Accreditation Org

• Cyber insurance audit: Painful necessity, or a valuable opportunity?

• New Zenbleed Attack Threatens AMD Zen2 CPUs – Patch released

• AMD To Invest $400m In India Over Five Years

• Weintek Weincloud Vulnerabilities Allowed Manipulation, Damaging of ICS Devices

• CoinsPaid Blames North Korean Hackers for $37 Million Cryptocurrency Heist

• WhatsApp’s New Record Feature Lets You Record And Send Short Videos In Chats

• Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow

• U.S. Government Contractor Maximus Hit by Massive Data Breach

• The Road to Redemption: Ransomware Recovery Strategies for Businesses

• Campaign Finance Charge Against FTX’s Sam Bankman-Fried Dropped

• CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency

• BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

• Anomaly detection in certificate-based TGT requests

• The lost art of cloud application engineering

• SSNDOB Marketplace Admin Pleads Guilty

• Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns

• North Korean Hackers Bag Another $100m in Crypto Heists

• MOVEit Campaign Claims Millions More Victims

• Monitor Insider Threats but Build Trust First

• Data Loss Prevention for Small and Medium-Sized Businesses

• Want your endpoint security product in the Microsoft Consumer Antivirus Providers for Windows?

• Microsoft and Samsung launch Advanced Mobile Security Solution

• How to Spot Whaling Attacks: Safeguarding Against Targeted Cyber Threats

• Akira Ransomware Expands to Linux with In-built Tor Website

• Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

• Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

• New infosec products of the week: July 28, 2023

• ZTNA can be more than a VPN replacement for application access

• Effectively managing security budgets in a recession

• Get the AT&T Cybersecurity InsightsTM Report: Focus on Healthcare

• National Cyber Strategy Implementation Plan: What you need to know

• Blocking access to ChatGPT is a short term solution to mitigate risk

• CISOs consider zero trust a hot security ticket

• Credit Card Fraud Prevention: 12 Tips to Protect Yourself

• Cybersecurity in the Age of Remote Work: Best Practices for Businesses

• New SEC Rules Require Breach Disclosure within Four Days

• Enhance Productivity with Canon’s New B&W All-in-One Laser Printers

• Google: 41 zero-day vulnerabilities exploited in 2022

• Why CISOs Should Get Involved With Cyber Insurance Negotiation

• Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

• Funding for Cybersecurity Startups Plunges – But Some Still Get Deals

• How to connect with Microsoft Security at Black Hat USA 2023

Generated on 2023-07-29 23:55:29.167118